Re: SOX Question

From: Jared Still <jkstill_at_gmail.com>
Date: Tue, 2 Jun 2009 13:05:10 -0700
Message-ID: <bf46380906021305w5ea6ec1fv45138a03bc3e4744_at_mail.gmail.com>



On Tue, Jun 2, 2009 at 12:44 PM, Tim Gorman <tim_at_evdbt.com> wrote:

> Authenticate, authorize, and audit: it strikes me that if a change
> management system can do those three things reliably and securely, you can't
> be too far off. Lack of separation of duties might still get dinged in a
> SOX audit, but it's something the organization can probably negotiate.
>

Change management is as much about recording what happened and who did it as it is about authorizing changes.

As has been stated and implied, SOX is nebulous and is really a set of standards
negotiated with your SOX Auditors.

The bottom line on that is that it must be something the CEO/CFO, and/or possibly
others, are willing to sign off on. While the SOX standard is nebulous, the penalties are not.
http://tinyurl.com/sox-penalties

Jared

--
http://www.freelists.org/webpage/oracle-l
Received on Tue Jun 02 2009 - 15:05:10 CDT
